Embodiments presented herein generally relate to Internet of Things (IoT). More specifically, embodiments presented herein provide techniques for provisioning credentials on an IoT device via a cloud computing platform.
The Internet of Things (IoT) is an approach for networking physical objects that are embedded with electronics, software, sensors, and the like, enabling these objects to collect and exchange data. For instance, common household appliances may implement IoT technology to improve the lifestyles of individuals. As an example, an IoT-based thermostat can collect data relating to an individual's schedule and usage to program itself automatically. As another example, door locks may be outfitted with IoT technology to detect a wireless signal, compare the signal with a stored wireless fingerprint, and unlock a door based on the comparison.
IoT devices are typically networked via a hub that allows messages to be sent back and forth between the hub and devices. Such messages can include data received by a device, executable code to be performed by the device, data being sent from the device to another device, and the like. Although the hub can be a physical networking device, cloud computing platforms can provide a hub service for connecting IoT devices, allowing the devices to connect directly to the cloud and use other services provided by the cloud computing platform, such as storage and data stream processing. Indeed, many IoT devices are manufactured to support cloud-based IoT hub subsystems.
One issue regarding manufacturing IoT devices to support the cloud relates to provisioning a fleet of homogeneous devices with distinct credentials used to uniquely identify each device in the group. Typically, each device in the group is manufactured and shipped with a common device image. But before a given device can be used, the device must be provisioned with credentials and other identifying information that are unique to that device; a credential shared across the image would let any one device impersonate every other. Doing so often requires a number of steps, such as generating a key pair on the device, generating a certificate signing request (CSR) for that key, sending the CSR to a certificate authority (CA), obtaining and activating the digital certificate, setting up device permissions, and the like. Consequently, it is impractical to provision distinct credentials to each individual device at the manufacturing level, given the large number of IoT devices being manufactured in batches. As a result, provisioning a device typically occurs at the user level. However, given the complexity of the provisioning process, user-level provisioning is susceptible to errors.
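The per-device provisioning steps listed above (device key pair, CSR, CA issuance, verification by the hub) can be exercised end to end in a few dozen lines. The following is an added illustration written for this page, not code from the application or from any cloud provider's provisioning service; it uses only Go's standard library and assumes a hypothetical in-memory fleet CA (`FleetCA`), device identifiers such as `thermostat-0001`, and a hub that trusts the fleet root. The CA checks the CSR's proof of possession and that the CSR names the device actually being enrolled, and issues a leaf certificate that cannot itself act as a CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// FleetCA is a hypothetical in-memory CA for a device fleet: a self-signed root
// that issues one leaf certificate per device (assumption for this example).
type FleetCA struct {
	key  *ecdsa.PrivateKey
	cert *x509.Certificate
	pool *x509.CertPool // trust store the hub uses to verify device certs
}

// NewFleetCA creates the fleet root. Only the root certificate is shipped to hubs.
func NewFleetCA() (*FleetCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Fleet Root CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return &FleetCA{key: key, cert: cert, pool: pool}, nil
}

// DeviceCSR is the device side: a fresh key that never leaves the device and a
// CSR whose subject carries the device's unique identifier.
func DeviceCSR(deviceID string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: deviceID}}, key)
	return key, csrDER, err
}

// Issue is the CA side: verify the CSR is signed by the key it carries (proof of
// possession), enforce that it names the device being enrolled, then sign a leaf.
func (ca *FleetCA) Issue(csrDER []byte, expectedID string, serial int64) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR signature invalid: %w", err)
	}
	if csr.Subject.CommonName != expectedID {
		return nil, fmt.Errorf("CSR names %q, expected %q", csr.Subject.CommonName, expectedID)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: expectedID},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true, // IsCA stays false: a device cert must not sign others
	}
	return x509.CreateCertificate(rand.Reader, tmpl, ca.cert, csr.PublicKey, ca.key)
}

// VerifyDevice is the hub side: accept a device cert only if it chains to the
// fleet root and is permitted for client authentication; return its device ID.
func (ca *FleetCA) VerifyDevice(certDER []byte) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	opts := x509.VerifyOptions{Roots: ca.pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", err
	}
	return cert.Subject.CommonName, nil
}

// ProvisionFleet runs the flow for every device in a batch and returns the
// issued certificates keyed by device ID.
func ProvisionFleet(ca *FleetCA, ids []string) (map[string][]byte, error) {
	out := make(map[string][]byte, len(ids))
	for i, id := range ids {
		_, csr, err := DeviceCSR(id)
		if err != nil {
			return nil, err
		}
		certDER, err := ca.Issue(csr, id, int64(i+2))
		if err != nil {
			return nil, err
		}
		out[id] = certDER
	}
	return out, nil
}

func main() {
	ca, err := NewFleetCA()
	if err != nil {
		panic(err)
	}
	certs, err := ProvisionFleet(ca, []string{"thermostat-0001", "thermostat-0002"})
	if err != nil {
		panic(err)
	}
	for id, der := range certs {
		got, err := ca.VerifyDevice(der)
		fmt.Println(id, got, err)
	}
}
```

Two checks in `Issue` are the ones most often skipped in ad hoc provisioning scripts: `CheckSignature` proves the requester holds the private key for the public key in the CSR, and the subject comparison stops a device (or a user typing the wrong ID) from obtaining a certificate for a different device. The private key is generated in `DeviceCSR` and never returned to the CA, which is the property that makes the credential distinct per device rather than a copy baked into the common image.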